Institute of Information Science - University of Miskolc

User Tools

Site Tools

Trace: basic_communication_structures error_detection_and_correction
tanszek:oktatas:techcomm:hash_functions

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
tanszek:oktatas:techcomm:hash_functions [2024/10/07 15:26] kneheztanszek:oktatas:techcomm:hash_functions [2024/10/07 15:31] (current) – [Storing Passwords with Hashes] knehez
Line 36: Line 36:
  
 1. **Square the PIN**: 1. **Square the PIN**:
-   \[+\[
    4531^2 = 20529961    4531^2 = 20529961
-   \]+\]
 2. Take the middle 5 digits to get a new 4-digit number: **2061**. Only the first and last two digits are retained. 2. Take the middle 5 digits to get a new 4-digit number: **2061**. Only the first and last two digits are retained.
 3. **Square again**: 3. **Square again**:
-   \[+\[
    2061^2 = 4247721    2061^2 = 4247721
-   \] +\] 
-4. Take the middle 5 digits again to get another 4-digit number: **4221**.+4. Take the middle 5 digits again to get another 4-digit number: **4772**.
 5. Repeat the squaring and digit extraction process **1000 times**. 5. Repeat the squaring and digit extraction process **1000 times**.
 6. Suppose the final result is **6538**. 6. Suppose the final result is **6538**.
Line 52: Line 52:
 ==== Storing Passwords with Hashes ==== ==== Storing Passwords with Hashes ====
  
-Websites also store passwords using **hash codes**. They don’t store the actual password but rather transform it using an algorithm and store the result.+Websites also store passwords using **hash codes**. They don’t store the actual password but transform it using an algorithm and store the result.
  
-On some websites, you can generate various hash codes for a given password online. For example, the MD5 hash of the code **‘1234’** is:+On some websites, you can generate various hash codes for a given password online. For example, the MD5 hash of the code ''1234'' is:
 \[ \[
 \text{md5}(1234) = 81dc9bdb52d04dc20036dbd8313ed055 \text{md5}(1234) = 81dc9bdb52d04dc20036dbd8313ed055
 \] \]
  
-Does this mean that storing hashes provides full security? Unfortunately, no. Suppose a hacker steals the database and looks up our password. On a hash-cracking site, they can input the long hash code: +Does this mean that storing hashes provides full security? Unfortunately, no. Suppose a hacker steals the database and looks up our password. On a hash-cracking site, they can input the long hash code: [[https://crackstation.net/|Hash Cracking Site]
-\[ +
-\text{hash cracking} +
-\]+
 Unfortunately, they might quickly figure out the password. Unfortunately, they might quickly figure out the password.
  
Line 68: Line 66:
  
 1. **Use long passwords**, but these can be hard to remember. 1. **Use long passwords**, but these can be hard to remember.
 +
 2. **Add a "salt"** to every password when generating the hash. A salt is a fixed string that is added to the password to generate the hash. 2. **Add a "salt"** to every password when generating the hash. A salt is a fixed string that is added to the password to generate the hash.
  
 For example: For example:
 \[ \[
-\text{md5}(1234 + \text{my\_strong\_salt}) = 0e0db19d64ce23edc1bfb52063f25028+\text{md5}(1234 + \text{salt}) = 0e0db19d64ce23edc1bfb52063f25028
 \] \]
  
tanszek/oktatas/techcomm/hash_functions.1728314802.txt.gz · Last modified: 2024/10/07 15:26 by knehez